Sony Becomes a Target of Data Hacking

by securedatamgt | 11 Dec 2014

Cyber Crime Word Cloud

Another high profile example of data hacking has caught the attention of the world media. This time the victim is Sony (who had the social security numbers of 47,000 employees and celebrities breached).

A lot of the information that was compromised was sensitive in nature but was mostly stored on Microsoft Excel without the protection of passwords. As a result of the attack Sony had to shut down its IT systems, causing significant disruption. Celebrity involvement has led to the case becoming high profile, with information belonging Sylvester Stallone and Judd Apatow being disclosed. The demands of the hackers has also led to increased media speculation.

A hacker group, Guardians of the Peace, have taken responsibility for the breach and have stated they will continue to disclose the information on the web if Sony doesn’t comply with their wishes – these requests are still not known. Already the hackers are starting to release information piece by piece. This sort of hostage mentality when it comes to data hacks is unusual in commercial breaches of this scale and it will certainly be interesting to see how Sony weathers this storm.

The data is currently being analysed by Identity Finder LLC. The firm has reported that home addresses and salary information have been compromised. The timeline of the data stolen is quite extraordinary; data concerning an employee who started working at Sony in 1955 has been infiltrated. Information regarding movie profitability has also been released. Profits of movies such as American Hustle and Captain Philips have been listed online.

A North Korean Hack?

On top of this, Sony movies have also been released, including Annie and Fury. The pre-release of movies onto the internet has led to rumours over whether North Korea might be responsible for the breach. One of the films that was released was Sony’s, The Interview, starring Seth Rogan and James Franco. The film follows the journey of two American TV presenters to North Korea who are assigned by the CIA to assassinate Kim Jong-un.

So far North Korea has refuted their possible involvement. Kim Jong-un had previously called The Interview “an act of war” – clearly not a fan, hack master or not. The Sony hack is currently being compared to a data hacking attack North Korea launched on South Korea last year. However, apart from North Korea’s antipathy to The Interview there is very little incriminating evidence at this stage. Most of data has been disclosed on Pastebin, a site popular with hackers – but an unlikely data outlet for the North Korean officials. There is also the possibility that ex-employees were involved in the attack, given the scope of the data released. The FBI is currently investigating the breach to try and figure out who were architects of this data hacking scandal.

Since the breach, Sony employees and their families have been threatened by the hackers via e-mail. The hackers have called upon employees to join them and turn against Sony. These threats are certainly an unusual development and further suggest this breach could be a more personal attack on Sony by a group of people who have been injured by the company.

To learn about how you could protect your company from future threats check out this post: What is Data Security?

Past Data Hacking Against Sony

This isn’t the first time Sony has been victim to a data hacking breach. Back in to 2011 Sony had the data of 70 million of its PlayStation Network customers compromised. Only a month after that it was hacked again by Lulzsec. The group issued personal information belonging to Sony Picture customers who had taken part in Sony contests on the web. Customer information, including addresses, passwords and phone numbers were all disclosed online.

This hack will be no easy feat for Sony to recover from, not only has the inner workings of its business model been laid bare but the high profile of its executives and films means that this hack is likely to haunt the company in American media for some time to come. Moreover, speculation on North Korea’s involvement means that this could be a game-changer hack.

It wouldn’t be the first time a country has been incriminated in a hack; only this year Russia was hinted to be behind the JP Morgan attack in retaliation to economic sanctions. This accusation has since faded into obscurity with cyber criminals now the more likely perpetrators. However, if it is proven that North Korea was involved in this hack the impact of this revelation for international relations would be immense.